HTTPS configuration, enable TLS v1.3 and v1.2, disable all the older versions

If it ain't about tech then it prolly fits in here...
Post Reply
europe
Regular user
Posts: 3
Joined: Wed Nov 28, 2018 1:56 pm

HTTPS configuration, enable TLS v1.3 and v1.2, disable all the older versions

Post by europe » Wed Nov 28, 2018 2:12 pm

your website rocks!

edit:
there are mixed content issues at https://www.tankraider.com/DOSPALMTOP/list.html

Kyodai
Site Admin
Posts: 198
Joined: Fri May 15, 2015 7:33 pm

Re: HTTPS configuration, enable TLS v1.3 and v1.2, disable all the older versions

Post by Kyodai » Thu Nov 29, 2018 12:10 pm

Oh wow we got HTTPS... I never noticed. How generous of my hoster to provide a free SSL certificate.

Yeah the mixed content is pretty obvious since I use some absolute links i think (like http://server/image i guess). Imma look into that when i got some spare time. Not sure about SSL 1.3 - gotta look into cpanel, but i fear there's prolly no handle for me to turn that on. Personally I think it's a minor issue. If we had some Top secret data here like Credit card numbers or so I would be worried, but only part with user data is the forum and i guess best you could grab here with a serious attack is some e-mail addresses. I hope noone re-uses a "serious" password here, my focus is really more on some palmtop info and discussion than on a high security environment.

Kyodai
Site Admin
Posts: 198
Joined: Fri May 15, 2015 7:33 pm

Re: HTTPS configuration, enable TLS v1.3 and v1.2, disable all the older versions

Post by Kyodai » Thu Nov 29, 2018 12:32 pm

Aight I found the mixed content issue. One was an absolute HHTP link to the forum which i replaced by "../Forums".

The other one is actually dumb and I'd call this a "bug" in firefox or at least "questionable". It was the "base href" meta tag.
In this example I misunderstood and misused the base href tag anyways - so if it would have been used as intended you wouldn't have been able to open any link on that page (Since i included the html page in the base - which obviously doesn't make sense). So seemingly firefox fixes or ignores an invalid vbase tag... buuuut it still says mixed content.

I removed the base href tag completely since I don't really need it anyways. STill all sub pages suffer from this behaviour, so imma need to fix these as well.

europe
Regular user
Posts: 3
Joined: Wed Nov 28, 2018 1:56 pm

Re: HTTPS configuration, enable TLS v1.3 and v1.2, disable all the older versions

Post by europe » Sun Dec 02, 2018 1:02 pm

hello Kyodai,

it is still configured to use TLS v1.0. https://doesmysiteneedhttps.com

please enable the newest versions.

the links at https://tankraider.com has absolute links too.

Kyodai
Site Admin
Posts: 198
Joined: Fri May 15, 2015 7:33 pm

Re: HTTPS configuration, enable TLS v1.3 and v1.2, disable all the older versions

Post by Kyodai » Mon Dec 03, 2018 2:43 pm

Hi there,

I have no influence on the status of SSL with my hoster. I guess you get what you pay for and since I only spend 4.95 USD per month for this page (including the .com domain) I am surprised I got SSL anyways (originally it was only available for extra money - which i never spent).

Anyways - Super SSL or not - it would be wise to NEVER enter sensitive information on ANY website unless you REALLY need it. After all is said and done a malicious webmaster could always read all of your info, passwords etc.

This is just my nonsense website to keep track of Palmtops and cool tech gadgets, I just added the forums to give people the ability to get into a dialogue with me or others - however no liability whatsoever offered by me, neither for the platform not for the content.

If someone would sponsor me and pay all the bills I'd be willing to move worlds to offer the fanciest newest security features, but as it is no I'll stick with my super cheap hoster and we'll have to live with TLS 1.0 until i get a free update.

europe
Regular user
Posts: 3
Joined: Wed Nov 28, 2018 1:56 pm

Re: HTTPS configuration, enable TLS v1.3 and v1.2, disable all the older versions

Post by europe » Sun Dec 09, 2018 7:00 pm

i contacted your web hosting company. they enabled v1.2 and v1.1.

Kyodai
Site Admin
Posts: 198
Joined: Fri May 15, 2015 7:33 pm

Re: HTTPS configuration, enable TLS v1.3 and v1.2, disable all the older versions

Post by Kyodai » Sun Dec 09, 2018 8:29 pm

Yeah TLS 1.2 working fine.Thanks a lot!

Post Reply